With that said and done, here are the instructions for building the OSU
HTTPD server with SSL support using the SSL_TASK program.
-
If you don't have the OSU HTTPD server already installed and running
you need to unpack the OSU distribution kit somewhere. (For the purpose
of this discussion we'll assume you unpacked it in a directory called
DISK$WORK:[HTTP_SERVER]).
If you already have the OSU HTTPD server installed, you are set.
-
Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.
-
Unpack the OSU_SSL.ZIP files
into your [.BASE_CODE] directory replacing the files.
-
You need to build the OSU HTTPD server so that it will use the
shareable image TCP/IP interface. This is done as follows.
$ MMS/MACRO=(SHARE_TCP=xxxx)
Where the "xxxx" is one of the following.
CMUTCP CMU TCP/IP
MULTINET Multinet TCP/IP
TCPWARE TCPWare TCP/IP
TWGTCP Pathway TCP/IP
UCXTCP DEC UCX TCP/IP
-
When that is done running, you need to compile the TSERVER_SSL.C
and SSL_SERVER_DNET.C
$ CC TSERVER_SSL.C
$ CC SSL_SERVER_DNET.C
-
You now need to link the DECNet SSL server. Go to your OSU
[.BASE_CODE] directory and execute the following.
$ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_DNET)
-
If that went well you should have the file TSERVER_SSL.EXE in
your OSU [.SYSTEM] directory.
-
Unpack the updated replacement
TSERVER_TCPSHR_INSTALL.COM file and place it in the OSU HTTPD
[.SYSTEM] directory.
If you didn't compile the SSL_TASK.EXE when you built your
OpenSSL library, go to the [.OPENSSL-0_9_5A.SSL] directory
and use the SSL-LIB.COM script to build it, it accepts the
following parameters.
P1: ALL Just build everything.
LIBRARY Just build the SSL Library
SSL_TASK Just build the SSL_TASK.EXE
P2: RSAREF Compile using RSAREF routines.
NORSAREF Don't compile using the RSAREF routines.
P3: DEBUG Compile with debug information.
NODEBUG Compile without debug information.
P4: VAXC Use the VAXC compiler.
DECC Use the DECC compiler.
GNUC Use the GNUC compiler.
P5: UCX Use the UCX TCP/IP routines.
SOCKETSHR Use the SOCKETSHR TCP/IP routines.
You have to use the same options you originally used when you built
the OpenSSL library. You don't have to build the entire
SSL library again, just the SSL_TASK.
-
Copy your SSL server certificate into the OpenSSL SSLCERTS:
directory. (you don't have to, but it helps to keep everything together.)
and make sure it is readable by whatever account the OSU HTTPD
server runs under.
-
Unpack the updated/upgraded WWWSSL.COM
and place it in the root directory of the OSU HTTPD server.
You might want to look this script over as you can define where you
have the SSL_TASK.EXE and your SSL certificate if you choose
not to place them in the SSLEXE: and SSLCERTS: directory
as well defining an alternate location for the WWWSSL.LOG file.
-
Now you just need to startup the HTTPD server on port 80 and 443
like the following.
$ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
80 443
And if the server starts up correctly, you should be able to get
a secure connection using "https".
With that said and done, here are the instructions for building the OSU
HTTPD server with SSL support using the SSL_ENGINE program.
-
If you don't have the OSU HTTPD server already installed and running
you need to unpack the OSU distribution kit somewhere. (For the purpose
of this discussion we'll assume you unpacked it in a directory called
DISK$WORK:[HTTP_SERVER]).
If you already have the OSU HTTPD server installed, you are set.
-
Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.
-
Unpack the OSU_SSL.ZIP files
into your [.BASE_CODE] directory replacing the files.
-
You need to build the OSU HTTPD server so that it will use the
shareable image TCP/IP interface. This is done as follows.
$ MMS/MACRO=(SHARE_TCP=xxxx)
Where the "xxxx" is one of the following.
CMUTCP CMU TCP/IP
MULTINET Multinet TCP/IP
TCPWARE TCPWare TCP/IP
TWGTCP Pathway TCP/IP
UCXTCP DEC UCX TCP/IP
-
When that is done running, you need to compile the TSERVER_SSL.C,
SSL_SERVER_DNET.C and SSL_ENGINE.EXE
$ CC TSERVER_SSL.C
$ CC SSL_SERVER_DNET.C
$ CC SSL_ENGINE.C
-
Now, you need to look at the BSS_MST.C file in an editor.
If you see the line #include "cryptlib.h" you need to remove
that line and replace it with #include "bio.h"
With that done, you can save the file and exit the editor.
-
If you compiled OpenSSL with RSAREF support, you need to
edit the SSL_ENGINE.OPT and SSL_LIBRARIES.OPT file and
uncomment the line for the LIBRSAGLUE library.
-
You now need to compile the SSL_THREADED.C and BSS_MST.C
files as follows.
$ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
/INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
SSL_THREADED.C
$ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
/INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
BSS_MST.C
-
Link the SSL_ENGINE.EXE with the following command.
$ LINK/NOTRACEBACK/EXE=SSLEXE:SSL_ENGINE.EXE SSL_ENGINE.OPT/OPT
If all went well, you should have SSL_ENGINE.EXE in your
SSLEXE: directory. You need to make sure the protection on the
SSLEXE:SSL_ENGINE.EXE file is set to
(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE) so execute the following
to make sure.
$ SET FILE SSLEXE:SSL_ENGINE.EXE/PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE)
-
The SSL_ENGINE needs to be installed with SYSNAM privs.
Install the SSLEXE:SSL_ENGINE.EXE as follows.
$ INSTALL ADD SSLEXE:SSL_ENGINE.EXE/PRIVS=(SYSNAM)
I would advise adding the above to your OSU startup script so it
is executed when the server is started up.
-
You now need to link the DECNet SSL server. Go to your OSU
[.BASE_CODE] directory and execute the following.
$ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_DNET)
-
If that went well you should have the file TSERVER_SSL.EXE in
your OSU [.SYSTEM] directory.
-
Unpack the updated replacement
TSERVER_TCPSHR_INSTALL.COM file and place it in the OSU HTTPD
[.SYSTEM] directory.
-
Copy your SSL server certificate into the OpenSSL SSLCERTS:
directory. (you don't have to, but it helps to keep everything together.)
and make sure it is readable by whatever account the OSU HTTPD
server runs under.
-
Unpack the updated/upgraded WWWSSL.COM
and place it in the root directory of the OSU HTTPD server.
You might want to look this script over as you can define where you
have the SSL_ENGINE.EXE and your SSL certificate if you choose
not to place them in the SSLEXE: and SSLCERTS: directory
as well defining an alternate location for the WWWSSL.LOG file.
-
Now you just need to startup the HTTPD server on port 80 and 443
like the following.
$ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
80 443
And if the server starts up correctly, you should be able to get
a secure connection using "https".
With that said and done, here are the instructions for building the OSU
HTTPD server with MST SSL server support.
-
If you don't have the OSU HTTPD server already installed and running
you need to unpack the OSU distribution kit somewhere. (For the purpose
of this discussion we'll assume you unpacked it in a directory called
DISK$WORK:[HTTP_SERVER]).
If you already have the OSU HTTPD server installed, you are set.
-
Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.
-
Unpack the OSU_SSL.ZIP file into your
[.BASE_CODE] directory replacing the files.
-
You need to build the OSU HTTPD server so that it will use the
shareable image TCP/IP interface. This is done as follows.
$ MMS/MACRO=(SHARE_TCP=xxxx)
Where the "xxxx" is one of the following.
CMUTCP CMU TCP/IP
MULTINET Multinet TCP/IP
TCPWARE TCPWare TCP/IP
TWGTCP Pathway TCP/IP
UCXTCP DEC UCX TCP/IP
-
When that is done running, you need to compile the TSERVER_SSL.C
and SSL_SERVER_MST.C
$ CC TSERVER_SSL.C
$ CC SSL_SERVER_MST.C
-
Now, you need to look at the BSS_MST.C file in an editor.
If you see the line #include "cryptlib.h" you need to remove
that line and replace it with #include "bio.h"
With that done, you can save the file and exit the editor.
-
If you compiled OpenSSL with RSAREF support, you need to
edit the SSLSHR_SERVER_MST.OPT and SSL_LIBRARIES.OPT file
and uncomment the line for the LIBRSAGLUE library.
-
You now need to compile the SSL_THREADED.C and BSS_MST.C
files as follows.
$ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
/INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
SSL_THREADED.C
$ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
/INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
BSS_MST.C
-
You now need to link the MST SSL server. Go to your OSU
[.BASE_CODE] directory and execute the following.
$ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_MST)
-
If that went well you should have the file TSERVER_SSL.EXE in
your OSU [.SYSTEM] directory.
-
Unpack the updated replacement
TSERVER_TCPSHR_INSTALL.COM file and place it in the OSU HTTPD
[.SYSTEM] directory.
-
Copy your SSL server certificate into the OpenSSL SSLCERTS:
directory. (you don't have to, but it helps to keep everything together.)
and make sure it is readable by whatever account the OSU HTTPD
server runs under.
-
You now need to define the following logicals as /SYSTEM/EXECto
customize your installation of the MST SSL server.
WWWSSL_MST_THREAD_LIMIT : The Maximum Number Of SSL Threads Allowd.
(Default is 10)
WWWSSL_MST_STACK_SIZE : The Stack Size For SSL Server Threads.
(Default is 60000)
WWWSSL_MST_QUEUE_FLAG : Weather Or Not To Wait For Next Available Thread.
(TRUE or FALSE value)
WWWSSL_MST_CERTIFICATE : Location Of The Server's SSL Certificate.
WWWSSL_MST_LOGFILE : Location To Put The MST SSL Log File.
WWWSSL_MST_VERSION : Which versions of SSL To Use 2, 3 or 23
(Default is 2)
Here's an example...
$ DEFINE/SYSTEM/EXEC WWWSSL_MST_THREAD_LIMIT 15
$ DEFINE/SYSTEM/EXEC WWWSSL_MST_STACK_SIZE 90000
$ DEFINE/SYSTEM/EXEC WWWSSL_MST_QUEUE_SIZE TRUE
$ DEFINE/SYSTEM/EXEC WWWSSL_MST_CERTIFICATE SSLCERTS:SERVER.PEM
$ DEFINE/SYSTEM/EXEC WWWSSL_MST_LOGFILE DISK$HTTP:[HTTP_LOGS]SSL_MST.LOG
$ DEFINE/SYSTEM/EXEC WWWSSL_MST_VERSION 23
I recomend putting the defines in your OSU HTTP startup file.
-
Now you just need to startup the HTTPD server on port 80 and 443
like the following.
$ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
80 443
And if the server starts up correctly, you should be able to get
a secure connection using "https".